CVE-2025-60880
Bagisto 2.3.6 admin panel product creation path is affected by an authenticated stored XSS via a crafted SVG file containing JavaScript. Exploitation requires an authenticated admin and can lead to in-browser arbitrary JS execution, with potential session hijacking or data theft. Affected compone...